<?php
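// Login page: authenticates a username/password POST against the users table,
// stores the identity in the session and redirects to the admin index.
// On a GET request, or when no row matches, the login form below is rendered.
session_start();
include_once $_SERVER['DOCUMENT_ROOT']."/math-videos/configure.inc.php";

// Read the credentials defensively: on a plain GET the keys are absent, and a
// request such as username[]=x delivers an array rather than a string.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if (is_string($username) && is_string($password) && $username !== '' && $password !== '') {
    // NOTE(review): the password is matched inside the SQL statement, which
    // presumably means the column holds the password itself (or an unsalted
    // digest computed elsewhere). Storing password_hash() output and checking it
    // with password_verify() would be the fix, but that needs a data migration
    // this page cannot perform on its own.
    $sqltext = "select id as user_id, permission, institute_id from users  WHERE username=? and password=?";

    // NOTE(review): sql_escape() is applied to values that are also passed as
    // parameters for the ? placeholders. If db_select_query() binds parameters
    // natively, the escaping is redundant and alters credentials that contain
    // quote characters; if it substitutes them into the string, the escaping is
    // the only injection defence. Confirm against configure.inc.php before
    // changing it. No throttling of failed attempts is visible in this file.
    $params = array(
        sql_escape($username),
        sql_escape($password),
    );
    $result = db_select_query($conn2, $sqltext, $params);

    $user_id = null;
    $admin_flag = false;
    $institute_id = null;
    while ($row = db_fetch_array($result)) {
        // Take all three values from the same row. Previously the admin flag was
        // sticky: if several rows matched, one row with permission 's' made the
        // session an admin session even when user_id came from another row.
        $user_id = $row['user_id'];
        // Strict comparison, so a non-string permission value can never be
        // loosely equal to 's'.
        $admin_flag = ($row['permission'] === 's');
        $institute_id = $row['institute_id'];
    }

    if ($user_id !== null && $user_id !== '') {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login (session fixation) does not become authenticated.
        session_regenerate_id(true);

        // 'user' holds the submitted username as typed; escape it wherever it is
        // later written into HTML.
        $_SESSION['user'] = $username;
        $_SESSION['user_id'] = $user_id;
        $_SESSION['admin'] = $admin_flag;
        $_SESSION['institute_id'] = $institute_id;

        header('Location: '.$site_http.'admin/index.php');
        // Stop here: without this the script went on to render the login page
        // into the body of the redirect response.
        exit;
    }
}
include "../header.php";

// The form below posts back to this script (action='') with the fields
// "username" and "password".
// NOTE(review): the password input has maxlength='10', which caps the password
// length a user can type here; raising it must be coordinated with how passwords
// are stored. The form carries no CSRF token.
?>
<center>
<form action='' method='post'>
<Table cellspacing='0'  cellpadding='5' width='500' style='border:1px solid #acb7d6;font-size:12px;background-color:#cecece'>
<tr>
<td>
Username:</td><td><input type='text' name='username' value='' size='20'  maxlength='40' /></td>
</tr>
<tr>
<Td>

Password:</td><td><input type='password' name='password' value='' size='20'  maxlength='10'/></td>
</tr>
<tr>
<td colspan='2' align='right'>
<input type='submit' value='Login'></td>
</tr></table>
</form>
</center>
<?php

include "../footer.php";
?>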